We’ve received reports from church directory admins who say scammers are requesting access to member directories so they can harvest the Personal Identifiable Information (PII) to spam or scam church members. These individuals claim to be church members and request access to the directory via email or an online website form. Once given directory access, they send spam messages to members via email or text.
A church directory is a treasure trove of contextualized information about members that allows for targeted social-engineering attacks. The more information scammers have, the more likely these attacks will be successful, especially against elderly or vulnerable members. We believe scammers are finding these churches via websites that mention Instant Church Directory and provide an email address or contact form to request access.
We’re deeply frustrated and disappointed that nefarious individuals are targeting churches this way. We encourage all subscribers to remain vigilant in defending your directory and church members’ information.
We recommend verifying or vetting each membership request before adding a new member’s email address to your directory. This is especially true if you have a public form for requesting access.
When in doubt, verify they are who they say they are! Here are some specific steps you can take:
- BEST PRACTICE: Use a Family Form that is to be filled out and submitted to the church office. Using a Church Directory Information Form for New and Existing Members
- Verify the person’s address via Google maps.
- Look up their name on a Google search to see if the person is local to your church.
- Ask for a phone number and call them if you feel unsure.
- Invite the person to worship and ask them to reach out to you or the pastor to provide their name and email.
Once someone has access to names, emails and phone numbers from your directory, there’s no way to stop scammers from targeting your members. The next step is to go on the defense. We’ve covered some ideas in Don’t Take the Bait: Watch Out for “Whaling” Scams.